SECURING


Configuring user name mapping when you manage Domino users through Active Directory

Follow the steps in this topic to configure user name mapping for a Windows™ single sign-on environment if you manage HCL Domino® user information primarily through Active Directory. This configuration requires you to add users' HCL Notes® distinguished names to Active Directory user accounts.

Procedure

1. In a directory assistance database, create an LDAP directory assistance document to use to connect to the Active Directory server.

2. If users have Person documents in the Domino Directory, make the following edits to them. Person documents are optional for Web users who are not HCL iNotes® users.
3. If users have Domino Person documents but you do not include their Domino Internet passwords in them, disable the following Internet password settings in users' effective Security Settings policy document: 4. On the Security -> Internet Access tab of the Server documents of participating Domino servers, for Internet authentication, select Fewer name variations with higher security.

5. If some SSO servers are authenticating users against Active Directory, specify the following setting in the Web SSO Configuration document:


Parent topic: Configuring user name mapping in a Windows single sign-on for Web clients environment

Related concepts
Configuring user name mapping in a Windows single sign-on for Web clients environment
Access levels in the ACL

Related tasks
Creating a Directory Assistance document for a remote LDAP directory
Creating a security policy settings document
Creating a Web SSO configuration document

Related information
Troubleshooting Windows single sign-on for Web clients (SPNEGO)